Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Anonymous Security Handbook
An Introductory Guide to Safety during Social Instability
This needs to be merged into The Newfag's Guide to Anonymous.
Anonymous – the uber-secret handbook: compiled by Anonymii
Version 0.2.1, Date 09. April 2011 DRAFT VERSION
Political activists, dissidents, and even nonpartisan bystanders caught in social instability are often fearful for their protection and protection of their families. Citizens may face harsh and even violent opposition by authorities and security forces in such situations. This guide is designed to introduce the reader to the mentality needed to stay safe during unrest and protests both online and offline. It furthermore aims to assist in continued communications during periods of internet and phone line restrictions.
The first section of this article will focus on personal safety. Personal safety can be spoken of in two different spheres: Physical Safety and Internet Safety. It is important to remember that these two spheres overlap: a lapse of internet safety could lead to physical identification. However, by keeping in mind a few important rules you can drastically reduce the chance of being singled out and identified.
The second section of this article will go into specifics regarding technology that can be used to communicate anonymously, maintain secrecy, and protest effectively.
- Foreword [fwd1]
- Index [ind2]
- Introduction [idn3]
- Personal Safety [prs4]
- Physical Safety [phy5]
- Internet Safety [int6]
- Internet Security [isc7]
- VPNs [vpn8]
- I2P [i2p9]
- Proxies [prx0]
- Tor Onion Router [tor1]
- Communications [cmm2]
- Additional Information [add3]
- Temporary Emails [eml4]
- Firefox Plugins [ffx5]
- Care Package [pkg6]
The below is a quick summary of each section (for the lazy).
*** Personal Safety [prs4] ***
Physical Safety [phy5]
The key to physical safety is to act normal so as not to draw undue attention to yourself and to not reveal identifying information to anyone. Important steps in achieving this can be separated into two lists: The Do List, and The Do Not List. These steps are especially important if you are an activist, as this puts you at more of a risk to start with.
The Do List:
- Blend in with crowds
- Disperse into streams of people
- Keep a low profile
- Keep up to date on the news, especially protest rallying points and security checkpoints or roadblocks
- Look for signs of plainclothes police in your presence
- Cover anything that could be used to identify you such as tattoos or scars
- If you come into contact with anonymous materials or protest guides, try to get them to protesters they contain key safety information.
Additional Do's for Protesters:
- Establish secure means to communicate with other protesters
- Plan your protest point, escape plan, and regrouping point before attending a protest
- Make backup plans not just one, but many
- Search for communications by Anonymous and Telecomix read "Communications"
- Try to obtain Anonymous' Riot Guide for homemade gas mask instructions, advanced coordination strategies, etc.
The Do Not List:
- Do not trust anyone to be who they say they are
- Do not give any personal information that could be used to identify you to anyone
- Do not mention anything about relationships, family, or relatives
- Do not mention ties to activist groups
- Do not mention the group Anonymous to anyone you do not know
- Do not mention anything about your past education, employment, etc.
Internet Safety [int6]
Any use of the internet could potentially be used to physically locate you. It is important not to reveal information on the internet. If you are doing anything controversial online such as discussing protests or blogging you must be sure to conceal your IP . Please refer to the section on "Internet Security."
The Do List
- Keep in mind that any interaction you have online may be seen by others
- Think about actions before you make them do not say anything that you may regret, as it could be recorded
- Create unique and secure usernames and passwords Use letters, numbers, and special characters
- Use a VPN if at all possible see "Internet Security"
- Delete your history, cookies, and cache after each internet session
- Use Private Mode browsing whenever possible
- Try using clients like Firefox instead of Internet Explorer
- Use temporary or throw away email accounts to create facebook accounts, etc. See [eml4]
- Use Firefox plugins for added security. See [ffx5]
The Do Not List
- Do not use any or all of your actual name in account and usernames
- Do not mention anything that could be personally identifying see "Physical Safety" [phy5]
- Do not mention time zones
- Do not mention physical characteristics or abilities
- Do not mention relationships, family, or relatives
- Do not connect/disconnect from services such as Twitter and Facebook all at once stagger your access so they can't be connected
Internet Security [isc7]
Each online device has an 'IP Address.' An IP can be used to help physically locate an individual. For this reason, it is important to hide your IP. There are many ways of doing this. You should use as many layers of security as possible at any given time to increase your protection. Prepare internet security methods ahead of time in case internet restrictions are enforced suddenly. The three primary methods that will be discussed in this article are VPNs, I2P, and proxies.
Virtual Private Networks [vpn8]
A Virtual Private Network, or VPN, is a method of securing information communicated over the internet. When choosing a VPN service, try to pick a service from a country that will not easily hand over your private information. For example, services from Iceland or Sweden would be much safer than a service from the USA. Also try to find a service that does not keep user logs or payment information [if using a paid service].
Guides to installing the OpenVPN client:
- Windows: http://www.vpntunnel.se/howto/installationguideVPNtunnelclient.pdf
- Linux (Debian flavoured): http://www.vpntunnel.se/howto/linux.pdf
- Mac: http://www.vpntunnel.se/howto/mac.txt
Free VPN Services [Not Recommended]:
Commercial VPN Services [Recommended]:
Free VPN Downloads [Not Recommended]
- Windows: HotspotShield http://hotspotshield.com UltraVPN https://www.ultravpn.fr/download/ultravpninstall.exe
- Mac: Ultra VPN https://www.ultravpn.fr/download/ultravpn.dmg
- Linux: UltraVPN https://www.ultravpn.fr/forum/index.php?topic=204.0
I2P is an anonymizing network that supports many secure applications. We recommend using pchat to connect to anonops.ru and joining channels such as #anonops and #oplibya .
Active I2P sites
I2P Installation and Running on Linux
- Download and extract the installation files, no need for separate install (such as aptget install).
- Run the router from /i2p folder with sudo sh i2prouter start. In seconds, I2P should open a Konquerorbrowser page of I2Pmain console.
- Configure your bandwith settings. You might also consider opening some ports on your firewall for optimising the use of your bandwith.
Portable I2P (Windows Only)
- http://portablei2p.blogspot.com - Contains I2P, several plugins, preconfigured browser, preconfigured IRC client and messenger. Before you can use anything on I2P, you have to start the I2P router from the portableapps tray iconmenu with the button I2P Launcher.
Anonymous surfing with I2P
- Go to your browser options or preferences (depending on your browser) > ''network/connection settings''
- Select ''manual proxy configuration''
- In ''http'' insert 127.0.0.1 , for ''port'' insert 4444
- In ''https'' insert 127.0.0.1 , for ''port'' insert 4445 Make sure that you have No Proxy set for ''localhost, 127.0.0.1'' so you'll be able to reach your I2P configuration page. To test your anonymity, go eg. to: cmyip.com.
Proxies are intermediary connections that may help hide your IP. They do not encrypt data. They may also help in accessing restricted web sites. Use them with VPN services to increase VPN security. See the following sites and [tor2]:
Tor Onion Router [tor1]
Tor is a proxy network that helps hide your IP . It does NOT encrypt data. There have been some claims of specific countries [such as Iran] circumventing Tor protection.
Download TorButton for Firefox (Enable / Disable the Tor on the Browser) * https://www.torproject.org/torbutton
Tor is also included in the Anonymous care package [pkg6] .
*** Communications [cmm2] ***
Anonymous encourages citizens of protesting countries to ask for assistance. This is best done using IRC to connect to #anonops. Please remember that it is safest to use a VPN [vpn8] or I2P [i2p9]. The IRC can be joined through a link at anonops.ru . In the event of an internet shutdown, you can be sure that Anonymous and Telecomix will be trying diligently to restore communications. There are a number of things you can do to help.
- Try connecting to the internet at various locations sometimes only certain ISPs shutdown while others remain operational
- Try using dialup connections if possible
- Find ham radio owners and scan for communications by groups such as Telecomix they may be able to provide you with directions for alternative internet connection methods.
- Locate universities and businesses with fax machines we often try to use these machines as oneway communication devices to provide updates, safety guides, and inspirational material.
##*** Additional Information [add3] ***
Temporary / Throwaway Email Accounts [eml4]
Emails can be set up quickly at the following sites:
- http://www.spam.la An email provider with an emphasis on security can be found at: http://hushmail.com [not recommended, hands out data if Government demands it]
Useful Plugins / Extensions for Firefox [ffx5]
- BetterPrivacy Removes persistent cookies from flash stuff
- Ghostery Detects tracking pixels
- GoogleSharing GoogleProxy for locations where Google is censored
- User Agent Switcher Sends bogus browser identity to servers.
- Optimize Google Removes information Google uses to track searches
- Outernet Explorer (MacOS) Creates numerous searches to help prevent packet sniffing.
- https://www.eff.org/httpseverywhere Automatically loads https on a site if available.
- Scroogle SSL search (Google Anonymously): https://ssl.scroogle.org
Anonymous Care Package [pkg6]
Anonymous provides an often updated care package that contains useful guides and software. The best way to access it is to join an IRC channel and ask for it. The IRC may be accessed at anonops.ru and channels such as #anonops [ /join #anonops ] may be of assistance. Please keep in mind security protocols such as the use of a VPN [vpn8] or I2P [i2p9] when accessing the IRC.